Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
178 views
in Technique[技术] by (71.8m points)

authentication - cUrls's option "-u"

From cUrl docs:

-u, --user <user:password;options>

Specify the user name, password and optional login options to use for server authentication. Overrides -n, --netrc and --netrc-optional.

What it gets translated to, meaning how do I catch it on the server to authenticate the user: are they in GET or in POST parameters?

The language is not important, the idea is important.

question from:https://stackoverflow.com/questions/20737031/curlss-option-u

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

It all depends on the authentication method but for the most common ones - Basic Auth and Digest Auth, this works with ad hoc HTTP headers. Here's an example with Basic Auth:

curl -u john:pwd http://foo.com/misc

This performs a GET request with the corresponding header:

GET /misc HTTP/1.1
Authorization: Basic am9objpwd2Q=
User-Agent: curl/7.33.0
Host: foo.com
Accept: */*

The Authorization header contains the authentication data the server is supposed to parse, base64 decode[1] and use. The same header would be set with a POST request. You can easily test it out with a service like httpbin(1) (see /basic-auth/:user/:passwd endpoint).

Digest auth is a bit more complex but works with HTTP headers too:

  • the client first send its request, the server replies with a 401 Unauthorized including a WWW-Authenticate header with a challenge to solve,
  • the client solves the challenge and send another request with the response included into a Authorization header which has to be parsed and validated on the server-side.

[1]: base64("john:pwd") -> am9objpwd2Q=


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...